Q.1 “Corporate Fraud” Please respond to the following:
As we’ve examined this week, legislation centers mostly around fraud in the corporate arena when it comes to technology. The government seems to want to ensure businesses are operating honestly. Search the web for an example of corporate fraud in the news in the past few years. A good search term is SOX. Read about what the company was doing that was considered fraud. Beyond the law, describe how you feel the company was behaving. Were they doing the right thing by all the people involved? Employees, customers, shareholders, the general public, etc. Can you think of a way a company may intend to do the right thing, but wind up on the wrong side of the law? Be sure to share your complete URL to the article with your post so interested classmates can go right to your article.
Q.2 “NIST and Risk Governance and Risk Management” Please respond to the following:
Companies generally reference NIST standards when assessing their risk management. Based on your learning this week, what do you think would be your top NIST consideration when starting to craft a risk management policy for a small to medium-sized company? Is it possible, in your estimation, to anticipate all possible threats and contingencies in advance of an attack?
Q.3 “Data Breach Notification” Please respond to the following:
Data breach laws have made us more aware of how our PII and other corporate data are compromised in recent years. Intellectual property is often the target of attacks from foreign entities and even governments. Banks don’t like people to know how much money is stolen annually by hackers, despite their best efforts to prevent such theft. Discuss your thoughts on the subjects mentioned here based on your learning from this week.
Q.4 “Online Contracts” Please respond to the following:
Online contracts are becoming ubiquitous these days. They’re sometimes signed online even in face-to-face meetings between parties. Based on your study this week, what are some pitfalls you previously didn’t know? Describe an online contract or end-user license agreement you signed that made you think. Do you ever agree to things without fully reading them, even when the signature block says, “I have read and understand”? What do you think about this now that you have learned about online contracts?
Q.5 “Policies, Standards, Procedures, and Guidelines” Please respond to the following:
This week you studied policies, standards, procedures and guidelines. If you were the project leader at a small company being spun off from a larger company, how would you tackle the task of adapting your company’s policies regarding information security? What are some of your greatest concerns? What rules are you likely to keep and which won’t really apply? Remember to keep a balance. You don’t want the employees to be so locked down by rules that they can’t efficiently do their jobs.
Q.6 “Risk Assessment and Incident Response Teams” Please respond to the following:
Your medium-sized company has recently expanded funding for the IT department and is adding dedicated specialists to “Risk Assessment” and “Incident Response” teams. You’re helping with the organization of the new structure. What kind of certifications and education are you going to be looking for when assigning existing team members and new hires to these teams? How are you going to describe their jobs to them? Should these teams work together, or be independent of one another? Why? What should be the first projects each should undertake in your opinion, based on this week’s study?